1=pod 2 3=head1 NAME 4 5crl - CRL utility 6 7=head1 SYNOPSIS 8 9B<openssl> B<crl> 10[B<-inform PEM|DER>] 11[B<-outform PEM|DER>] 12[B<-text>] 13[B<-in filename>] 14[B<-out filename>] 15[B<-noout>] 16[B<-hash>] 17[B<-issuer>] 18[B<-lastupdate>] 19[B<-nextupdate>] 20[B<-CAfile file>] 21[B<-CApath dir>] 22 23=head1 DESCRIPTION 24 25The B<crl> command processes CRL files in DER or PEM format. 26 27=head1 COMMAND OPTIONS 28 29=over 4 30 31=item B<-inform DER|PEM> 32 33This specifies the input format. B<DER> format is DER encoded CRL 34structure. B<PEM> (the default) is a base64 encoded version of 35the DER form with header and footer lines. 36 37=item B<-outform DER|PEM> 38 39This specifies the output format, the options have the same meaning as the 40B<-inform> option. 41 42=item B<-in filename> 43 44This specifies the input filename to read from or standard input if this 45option is not specified. 46 47=item B<-out filename> 48 49specifies the output filename to write to or standard output by 50default. 51 52=item B<-text> 53 54print out the CRL in text form. 55 56=item B<-noout> 57 58don't output the encoded version of the CRL. 59 60=item B<-hash> 61 62output a hash of the issuer name. This can be use to lookup CRLs in 63a directory by issuer name. 64 65=item B<-issuer> 66 67output the issuer name. 68 69=item B<-lastupdate> 70 71output the lastUpdate field. 72 73=item B<-nextupdate> 74 75output the nextUpdate field. 76 77=item B<-CAfile file> 78 79verify the signature on a CRL by looking up the issuing certificate in 80B<file> 81 82=item B<-CApath dir> 83 84verify the signature on a CRL by looking up the issuing certificate in 85B<dir>. This directory must be a standard certificate directory: that 86is a hash of each subject name (using B<x509 -hash>) should be linked 87to each certificate. 88 89=back 90 91=head1 NOTES 92 93The PEM CRL format uses the header and footer lines: 94 95 -----BEGIN X509 CRL----- 96 -----END X509 CRL----- 97 98=head1 EXAMPLES 99 100Convert a CRL file from PEM to DER: 101 102 openssl crl -in crl.pem -outform DER -out crl.der 103 104Output the text form of a DER encoded certificate: 105 106 openssl crl -in crl.der -text -noout 107 108=head1 BUGS 109 110Ideally it should be possible to create a CRL using appropriate options 111and files too. 112 113=head1 SEE ALSO 114 115L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> 116 117=cut 118